인증 실패 봄 보안 wildfly

봄 응용 프로그램을 바람둥이에서 wildfly로 마이그레이션하려고합니다. 더 이상 로그인 할 수 없습니다. 초기 성공 인증이 손실되거나 덮어 쓰여진 다음 익명 세션이 생성되는 것 같습니다.

봄 보안 : 4.0.1.RELEASE wildfly 8.2.0

갇혀서 알아낼 수 없습니다. 도움이나 제안을 주시면 감사하겠습니다.

감사

다음은 로그에서 발췌 한 내용입니다.

성공적인 인증 :

17:13:43,182 FINE  [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] (default task-6) Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user
17:13:43,183 FINE  [org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler] (default task-6) Using default Url: /
17:13:43,183 FINE  [org.springframework.security.web.DefaultRedirectStrategy] (default task-6) Redirecting to '/myapp/'
17:13:43,183 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) HttpSession being created as SecurityContext is non-default
17:13:43,184 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-6) SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@fc115a3: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@fc115a3: Principal: myapp.springSupport.AccountUser@bb94ce99: Username: test1976; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_sysadmin,user; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_sysadmin, user' stored to HttpSession: 'io.undertow.servlet.spec.HttpSessionImpl@725caa25
17:13:43,186 FINE  [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-6) SecurityContextHolder now cleared, as request processing completed
17:13:43,202 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,202 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No HttpSession currently exists
17:13:43,202 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) No SecurityContext was available from the HttpSession: null. A new one will be created.

익명 세션이 생성되는 위치는 다음과 같습니다.

17:13:43,205 FINE  [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] (default task-9) Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
17:13:43,205 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 11 of 13 in additional filter chain; firing Filter: 'SessionManagementFilter'
17:13:43,205 FINE  [org.springframework.security.web.session.SessionManagementFilter] (default task-9) Requested session ID 4B9EACEB7190B99CC7A1E248D8E4495B is invalid.
17:13:43,205 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 12 of 13 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
17:13:43,206 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp at position 13 of 13 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
17:13:43,206 FINE  [org.springframework.security.web.util.matcher.AntPathRequestMatcher] (default task-9) Checking match of request : '/index.jsp'; against '/srv/private/**'
17:13:43,206 FINE  [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (default task-9) Public object - authentication not attempted
17:13:43,206 FINE  [org.springframework.security.web.FilterChainProxy] (default task-9) /index.jsp reached end of additional filter chain; proceeding with original chain
17:13:43,207 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-9) SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
17:13:43,207 FINE  [org.springframework.security.web.access.ExceptionTranslationFilter] (default task-9) Chain processed normally
17:13:43,207 FINE  [org.springframework.security.web.context.SecurityContextPersistenceFilter] (default task-9) SecurityContextHolder now cleared, as request processing completed
17:13:43,211 FINE  [org.springframework.security.web.FilterChainProxy] (default task-12) /srv/home at position 1 of 13 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
17:13:43,211 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No HttpSession currently exists
17:13:43,211 FINE  [org.springframework.security.web.context.HttpSessionSecurityContextRepository] (default task-12) No SecurityContext was available from the HttpSession: null. A new one will be created.

내 봄 보안 구성 :

<security:http auto-config="true"> 
    <security:intercept-url pattern="/srv/private/**"
        access="hasAuthority('user')"/>
    <!-- enable csrf protection -->
    <security:csrf disabled="true"/> 
</security:http>